Jorn Lapon

Analysis of revocation strategies for anonymous Idemix credentials

In an increasing information-driven society, preserving privacy is essential. Anonymous credentials promise a solution to protect the users privacy. However, to ensure accountability, efficient revocation mechanisms are essential. Having classified existing revocation strategies, we implemented one variant for each. In this paper we describe our classification and compare our implementations. Finally, we present a detailed analysis and pragmatic evaluation of the strategies.

Structure preserving CCA secure encryption and applications

In this paper we present the first CCA-secure public key encryption scheme that is structure preserving, i.e., our encryption scheme uses only algebraic operations. In particular, it does not use hash-functions or interpret group elements as bit-strings. This makes our scheme a perfect building block for cryptographic protocols where parties for instance want to prove properties about ciphertexts to each other or to jointly compute ciphertexts. Our scheme is very efficient and is secure against adaptive chosen ciphertext attacks. We also provide a few example protocols for which our scheme is useful. For instance, we present an efficient protocol for two parties, Alice and Bob, that allows them to jointly encrypt a given function of their respective secret inputs such that only Bob learns the resulting ciphertext, yet they are both ensured of the computations correctness. This protocol serves as a building block for our second contribution which is a set of protocols that implement the concept of so-called oblivious trusted third parties. This concept has been proposed before, but no concrete realization was known.

A privacy-preserving ticketing system

Electronic identity (eID) cards are deployed in an increasing number of countries. These cards often provide digital authentication and digital signature capabilities, but have at the same time serious privacy shortcomings. We can expect that ordering and issuing tickets for events (e.g. soccer matches) will be increasingly done using eID cards, hence, severely threatening the user’s privacy. This paper proposes two alternative ticketing systems that are using the eID card in a bootstrap procedure, but still are providing a high degree of privacy to the user.

Performance analysis of accumulator-based revocation mechanisms

Anonymous credentials are discussed as a privacy friendlier replacement for public key certificates. While such a transition would help to protect the privacy of digital citizens in the emerging information society, the wide scale deployment of anonymous credentials still poses many challenges. One of the open technical issues is the efficient revocation of anonymous credentials. Currently, accumulator based revocation is considered to be the most efficient and most privacy friendly mechanism for revoking anonymous credentials. This paper analyses the performance of three accumulator based credential revocation schemes. It identifies the bottlenecks of those implementations and presents guidelines to improve the efficiency in concrete applications.

Security and Privacy Improvements for the Belgian eID Technology

The Belgian Electronic Identity Card enables Belgian citizens to prove their identity digitally and to sign electronic documents. At the end of 2009, every Belgian citizen older than 12 years will have such an eID card. In the future, usage of the eID card may be mandatory. However, irresponsible use of the card may cause harm to individuals.

A formal approach for inspecting privacy and trust in advanced electronic services

Advanced information processing technologies are often applied to large profiles and result in detailed behavior analysis. Moreover, under the pretext of increased personalization and strong accountability, organizations exchange information to compile even larger profiles. However, the user is unaware about the amount and type of personal data kept in profiles, partially due to advanced interactions between multiple organizations during service consumption. In this paper, a formal approach to inspect privacy and trust in advanced electronic services is presented. It allows to express access and privacy policies of service providers. Also, the privacy properties of multiple authentication technologies are formally modeled. From this, meaningful privacy properties can be extracted based on varying trust assumptions. Feedback is rendered through automated reasoning, useful for both users and system designers. To demonstrate its practicability, the approach is applied to the design of a travel reservation system.

Cryptographic Mechanisms for Privacy

With the increasing use of electronic media for our daily transactions, we widely distribute our personal information. Once released, controlling the dispersal of this information is virtually impossible. Privacy-enhancing technologies can help to minimise the amount of information that needs to be revealed in transactions, on the one hand, and to limit the dispersal, on the other hand. Unfortunately, these technologies are hardly used today. In this paper, we aim to foster the adoption of such technologies by providing a summary of what they can achieve. We hope that by this, policy makers, system architects, and security practitioners will be able to employ privacy-enhancing technologies.

Trusted Computing to Increase Security and Privacy in eID Authentication

Smart cards are popular devices for storing authentication credentials, because they are easily (trans)portable and offer a secure way for storing these credentials. They have, however, a few disadvantages. First, most smart cards do not have a user interface. Hence, if the smart card requires a PIN, users typically have to enter it via an untrusted workstation. Second, smart cards are resource constrained devices which impedes the adoption of advanced privacy-enhancing technologies (PETs) such as anonymous credentials.

A Framework for Formal Reasoning about Privacy Properties Based on Trust Relationships in Complex Electronic Services

This paper presents a formal approach for the analysis of privacy properties of complex electronic services. A flexible framework for logic reasoning allows for formally modeling these services in a typed first-order logic and for inferring privacy properties that can be interpreted by all the stakeholders including consumers. The inference strategy consists of compiling user profiles according to the expectations of the consumer about the data practices of the service providers involved. The data in these profiles originates from information that has been disclosed by the consumer during the service interactions or that may have been exchanged between organizations thereafter. The framework can infer relevant privacy properties from these profiles. To validate our work, the approach is applied to the modeling of a web shop.

A Mobile and Reliable Anonymous ePoll Infrastructure

This paper illustrates and scans the limits of the use of anonymous credentials (e.g. Idemix) on smart phones to preserve the user’s privacy. A prototypical application with strong privacy requirements, ePoll, will be presented in detail. To ease the implementation of such applications, a specialized identity management framework has been developed. A first prototype of the ePoll application was built for workstations. Later it was ported to a smart phone to evaluate the performance of anonymous credential protocols in this setting.